PCI Requirement 5.4

PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties

PCI Requirement 5 states, “Protect all systems against malware and regularly update anti-virus software or programs.” For this requirement, we’ve discussed the 5 sub-requirements and topics such as anti-virus solutions, malware protection, commonly affected systems, and the evolving threat landscape.

PCI Requirement 5.3

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

Now that there is an anti-virus solution installed and running in your environment, we need to keep it that way. PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.”

PCI Requirement 5.2

PCI Requirement 5.2 – Ensure all Anti-Virus Mechanisms are Current, Perform Periodic Scans, and Generate Audit Logs

Because the threat landscape is constantly evolving, you must keep your organization’s malware protection up to date. PCI Requirement 5.2 exists to “Ensure that all anti-virus mechanisms are maintained as follows: are kept current, perform periodic scans, and generate audit logs which are retained per PCI DSS Requirement 10.7.”